Question No: 82

In a multi-node ISE deployment, backups are not working on the MnT node. Which ISE CLI option would help mitigate this issue?

repository

ftp-url

application-bundle

collector

Answer: A

Question No: 83

Which Cisco ISE feature can differentiate a corporate endpoint from a personal device?

EAP chaining

PAC files

authenticated in-band provisioning

machine authentication

Answer: A

Question No: 84

Where is dynamic SGT classification configured?

Cisco ISE

NAD

supplicant

RADIUS proxy

Answer: A

Question No: 85

Which debug command on a Cisco WLC shows the reason that a client session was

terminated?

debug dot11 state enable

debug dot1x packet enable

debug client mac addr

debug dtls event enable

debug ap enable cisco ap

Answer: C

Question No: 86

In AAA, what function does authentication perform?

It identifies the actions that the user can perform on the device.

It identifies the user who is trying to access a device.

It identifies the actions that a user has previously taken.

It identifies what the user can access.

Answer: B

Question No: 87

A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?

monitor mode

high-security mode

closed mode

low-impact mode

Answer: A

Explanation: Monitor ModeMonitor Mode is a process, not just a command on a switch. The process is to enable authentication (with authentication open), see exactly which devices fail and which ones succeed, and correct the failed authentications before they cause any problems.

Question No: 88

Which three algorithms should be avoided due to security concerns? (Choose three.)

DES for encryption

SHA-1 for hashing

1024-bit RSA

AES GCM mode for encryption

HMAC-SHA-1

256-bit Elliptic Curve Diffie-Hellman

2048-bit Diffie-Hellman

Answer: A,B,C

Question No: 89

Which advanced option within a WLAN must be enabled to trigger central web authentication for wireless users?